← back
CVE-2005-4260

CVE-2005-4260

EPSS 2.1%
Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/26817unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://www.securityfocus.com/archive/1/419496/100/0/threadedhttp://www.securityfocus.com/archive/1/419991/100/0/threadedhttp://www.securityfocus.com/bid/15855